Popular investment broker Robinhood has disclosed a large data breach in which an attacker obtained a list of email addresses for 5 million people, and the full names of a different group of 2 million customers.
Robinhood said that after the intrusion was contained, the unnamed attacker demanded an extortion payment.
The company did not say how much money was demanded, but revealed that a small number of people, 310 in total, had their sensitive personal information including names, dates of birth, and postal codes exposed.
A further 10 customers saw even more extensive account details leaked, Robinhood said.
The attacker used social engineering against Robinhood's customer support, and tricked an employee over the phone to provide access to the investment brokerage's systems.
Robinhood reported the extortion attempt to law enforcement.
The company said it has hired security firm Mandiant to help investigate the large-scale data breach.